ResiLien/nebula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Root constraint usage and support in nebula-cert

Browse Source
This commit is contained in:
Nate Brown
2019-12-17 17:59:21 -08:00
parent 0dc9aafa14
commit 328db6bb82
5 changed files with 71 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/nebula-cert/sign_test.go
View File

@ -253,7 +253,7 @@ func Test_signCert(t *testing.T) {
ob.Reset()
eb.Reset()
args = []string{"-ca-crt", caCrtF.Name(), "-ca-key", caKeyF.Name(), "-name", "test", "-ip", "1.1.1.1/24", "-out-crt", crtF.Name(), "-out-key", keyF.Name(), "-duration", "1000m", "-subnets", "10.1.1.1/32, , 10.2.2.2/32 , , ,, 10.5.5.5/32", "-groups", "1,, 2 , ,,,3,4,5"}
assert.EqualError(t, signCert(args, ob, eb), "refusing to generate certificate with duration beyond root expiration: "+ca.Details.NotAfter.Format("2006-01-02 15:04:05 +0000 UTC"))
assert.EqualError(t, signCert(args, ob, eb), "refusing to sign, root certificate constraints violated: certificate expires after signing certificate")
assert.Empty(t, ob.String())
assert.Empty(t, eb.String())